Volt Typhoon: China Claims US is Behind Attacks, Not Them
The Chinese Computer Virus Emergency Response Center (CVERC) has once again asserted that the hacker group Volt Typhoon is a fabricated threat, created by the United States and its allies. According to Chinese authorities, U.S. intelligence agencies and the Five Eyes alliance are engaged in cyber espionage against China, France, Germany, Japan, and other nations, while also conducting widespread surveillance on internet users worldwide.
The new report also claims that the U.S. conducts false-flag operations to conceal its cyberattacks and intentionally perpetuates the myth of Chinese hackers. The report alleges that “irrefutable evidence” supports these accusations. Chinese experts contend that the U.S. government is embedding backdoors into internet products and conducting supply chain attacks, and they dismiss Volt Typhoon as nothing more than a “political farce” orchestrated by the U.S.
CVERC further asserts that the U.S. military base on Guam was not the target of cyberattacks by Volt Typhoon but, instead, was the source of numerous attacks on China and Southeast Asian countries. In July, Chinese experts had already published a report describing Volt Typhoon as a disinformation campaign by U.S. intelligence.
China claims that following previous publications on the matter, more than 50 cybersecurity experts from the U.S., Europe, and Asia expressed doubts about the evidence presented by the U.S. and Microsoft. However, the report provides neither the names of these experts nor details of their analysis.
The document also references well-known facts about surveillance programs conducted by American agencies. For example, it cites the NSA's use of surveillance programs like PRISM and the spy programs revealed by Edward Snowden.
The CIA’s Marble tool, which has been used since 2015 to obscure traces of cyberattacks, is also mentioned. According to Chinese experts, the program deliberately inserts strings in Chinese, Russian, and other languages to mislead investigations and implicate other countries.
Chinese authorities believe that all these actions resemble the accusations the U.S. has leveled against the Volt Typhoon group and claim that, in reality, it is an American operation, not a Chinese one. The report also includes accusations that the U.S. controls underwater fiber optic cables and conducts surveillance on internet users worldwide.
Additionally, Microsoft and CrowdStrike are accused of inventing names for hacker groups with political undertones, such as “typhoon” or “panda,” and doing so for commercial gain without conducting thorough research.
The document concludes with a call for international cooperation in the field of cybersecurity and urges developers to focus on creating better technologies to defend against cyber threats.
Volt Typhoon is the codename for a Chinese cyber-espionage group, which, according to Western researchers, has been infiltrating critical infrastructure since 2019. The group uses routers, firewalls, and VPNs to obscure its activities. In August 2024, Volt Typhoon was linked to the exploitation of a zero-day vulnerability (CVE-2024-39717, CVSS score: 7.2) in the Versa Director system, which allowed the installation of malware for data theft.
On May 24, 2023, the Five Eyes alliance released a joint statement on the activities of Volt Typhoon, highlighting its connection to China. These conclusions were based on findings by Microsoft, but Chinese specialists conducted their own investigation and concluded that the group’s activities were more akin to typical cybercrimes lacking state sponsorship.